Is certutil.exe a hacker tool?

I was recently involved in a penetration testing activity together with some of my team members at TrueSec and we simply ran into a little issue where we needed to convert some binary files to a more convenient format to be able to transfer to the target system we were working with. This is normally not a big issue but this system was a little bit more tightened than what we normally see at customer’s sites. We could for instance not use WSH to create a decoding script as the system required all scripts running to be signed and when we looked for the debug command it was not there anymore!

So the challenge was to find a tool already built into the Windows platform that could perform any kind of decoding from text to binary. Since Windows 2000 there is built-in command-line program called certutil.exe for managing Certificate Services and certificate related tasks, this nice tool provides a way to encode and decode files using the Base64 schema. As this tool is one of many built-in tools in Windows, the system did not had any issues to let us use it for the purpose of decoding our Base64 encoded text stream we managed to transfer to the server and the saga could continue as planned, or should I say as we planned 🙂